Merge pull request #993 from Johann-PLW/main

Minor modules updates
abrignoni · Dec 23, 2024 · f123c19 · f123c19
2 parents 4eae41c + f37f886
commit f123c19
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 105 deletions.
diff --git a/scripts/artifacts/appGrouplisting.py b/scripts/artifacts/appGrouplisting.py
@@ -1,64 +1,40 @@
 __artifacts_v2__ = {
-    "get_appGrouplisting": {
+    "appGrouplisting": {
         "name": "Bundle ID by AppGroup & PluginKit IDs",
         "description": "List can included once installed but not present apps. Each file is named .com.apple.mobile_container_manager.metadata.plist",
         "author": "@AlexisBrignoni",
-        "version": "0.3",
-        "date": "2020-09-22",
+        "creation_date": "2020-09-22",
+        "last_update_date": "2024-12-20",
         "requirements": "none",
         "category": "Installed Apps",
         "notes": "",
-        "paths": ('*/Containers/Shared/AppGroup/*/.com.apple.mobile_container_manager.metadata.plist', '**/PluginKitPlugin/*.metadata.plist',),
-        "function": "get_appGrouplisting",
-        "output_types": ["html", "tsv", "lava"]
+        "paths": (
+            '*/Containers/Shared/AppGroup/*/.com.apple.mobile_container_manager.metadata.plist', 
+            '*/Containers/Data/PluginKitPlugin/*/.com.apple.mobile_container_manager.metadata.plist'),
+        "output_types": ["html", "tsv", "lava"],
+        "artifact_icon": "package"
     }
 }
 
-import biplist
 import pathlib
-import plistlib
-import sys
-
-#from scripts.artifact_report import ArtifactHtmlReport
-#from scripts.ilapfuncs import logfunc, tsv, is_platform_windows
-from scripts.ilapfuncs import artifact_processor
+from scripts.ilapfuncs import artifact_processor, get_plist_file_content
 
 @artifact_processor
-def get_appGrouplisting(files_found, report_folder, seeker, wrap_text, timezone_offset):
+def appGrouplisting(files_found, report_folder, seeker, wrap_text, timezone_offset):
+    source_path = 'Path column in the report'
     data_list = []       
+
     for file_found in files_found:
-        file_found = str(file_found)
-        with open(file_found, "rb") as fp:
-            if sys.version_info >= (3, 9):
-                plist = plistlib.load(fp)
-            else:
-                plist = biplist.readPlist(fp)
-            bundleid = plist['MCMMetadataIdentifier']
-
-            p = pathlib.Path(file_found)
-            appgroupid = p.parent.name
-            fileloc = str(p.parents[1])
-            typedir = str(p.parents[1].name)
-
-            data_list.append((bundleid, typedir, appgroupid, fileloc))
-
-    if len(data_list) > 0:
+        plist = get_plist_file_content(file_found)
+        bundleid = plist['MCMMetadataIdentifier']
 
-        filelocdesc = 'Path column in the report'
-        """
-        description = 'List can included once installed but not present apps. Each file is named .com.apple.mobile_container_manager.metadata.plist'
-        report = ArtifactHtmlReport('Bundle ID by AppGroup & PluginKit IDs')
-        report.start_artifact_report(report_folder, 'Bundle ID by AppGroup & PluginKit IDs', description)
-        report.add_script()
-        data_headers = ('Bundle ID','Type','Directory GUID','Path')     
-        report.write_artifact_data_table(data_headers, data_list, filelocdesc)
-        report.end_artifact_report()
+        p = pathlib.Path(file_found)
+        appgroupid = p.parent.name
+        fileloc = str(p.parents[1])
+        typedir = str(p.parents[1].name)
 
-        tsvname = 'Bundle ID - AppGroup ID - PluginKit ID'
-        tsv(report_folder, data_headers, data_list, tsvname)
-    else:
-        logfunc('No data on Bundle ID - AppGroup ID - PluginKit ID')
-        """
-        data_headers = ('Bundle ID', 'Type', 'Directory GUID', 'Path')
-        return data_headers, data_list, filelocdesc
+        data_list.append((bundleid, typedir, appgroupid, fileloc))
+
+    data_headers = ('Bundle ID', 'Type', 'Directory GUID', 'Path')
+    return data_headers, data_list, source_path
 
diff --git a/scripts/artifacts/appleLocationd.py b/scripts/artifacts/appleLocationd.py
@@ -3,8 +3,8 @@
         "name": "Location Services",
         "description": "Extracts location services settings",
         "author": "@AlexisBrignoni",
-        "version": "0.2.3",
-        "date": "2023-10-03",
+        "creation_date": "2023-10-03",
+        "last_update_date": "2024-12-20",
         "requirements": "none",
         "category": "Identifiers",
         "notes": "",
@@ -14,7 +14,6 @@
     }
 }
 
-import plistlib
 from scripts.ilapfuncs import artifact_processor, get_file_path, get_plist_file_content, device_info, convert_cocoa_core_data_ts_to_utc
 
 @artifact_processor

diff --git a/scripts/artifacts/appleMapsApplication.py b/scripts/artifacts/appleMapsApplication.py
@@ -1,68 +1,44 @@
 __artifacts_v2__ = {
     "appleMapsApplication": {
         "name": "Apple Maps Last Activity Camera",
-        "description": " ",
+        "description": "",
         "author": "@AlexisBrignoni",
-        "version": "0.2",
-        "date": "2020-08-03",
+        "creation_date": "2020-08-03",
+        "last_update_date": "2024-12-20",
         "requirements": "none",
         "category": "Locations",
         "notes": "",
         "paths": ('*/Data/Application/*/Library/Preferences/com.apple.Maps.plist'),
-        "function": "get_appleMapsApplication",
-        "output_types": ["html", "tsv", "lava"]
+        "output_types": ["html", "tsv", "lava"],
+        "artifact_icon": "map-pin"
     }
 }
 
 
-import plistlib
 import blackboxprotobuf
-import scripts.artifacts.artGlobals
+from scripts.ilapfuncs import artifact_processor, get_file_path, get_plist_file_content
 
-#from scripts.artifact_report import ArtifactHtmlReport
-from scripts.ilapfuncs import logfunc, tsv, lava_process_artifact, lava_insert_sqlite_data
-
-def get_appleMapsApplication(files_found, report_folder, seeker, wrap_text, timezone_offset):
-    versionnum = 0
-    file_found = str(files_found[0])
+@artifact_processor
+def appleMapsApplication(files_found, report_folder, seeker, wrap_text, timezone_offset):
+    source_path = get_file_path(files_found, "com.apple.Maps.plist")
+    data_list = []
 
-    with open(file_found, 'rb') as f:
-        plist = plistlib.load(f)
-
-        types = {'1': {'type': 'double', 'name': 'Latitude'},
-                '2': {'type': 'double', 'name': 'Longitude'}, 
-                '3': {'type': 'double', 'name': ''}, 
-                '4': {'type': 'fixed64', 'name': ''}, 
-                '5': {'type': 'double', 'name': ''}
-                }    
-        protobuf = plist.get('__internal__LastActivityCamera', None)
-        if protobuf:
-            internal_plist, di = blackboxprotobuf.decode_message(protobuf,types)
-            latitude = (internal_plist['Latitude'])
-            longitude = (internal_plist['Longitude'])
-
-            data_list = []
-            data_list.append((latitude, longitude))
-
-            report = ArtifactHtmlReport('Apple Maps Last Activity Camera')
-            report.start_artifact_report(report_folder, 'Apple Maps Last Activity Camera')
-            report.add_script()
-            data_headers = ('Latitude','Longitude' )     
-            report.write_artifact_data_table(data_headers, data_list, file_found)
-            report.end_artifact_report()
-
-            tsvname = 'Apple Maps Last Activity Camera'
-            tsv(report_folder, data_headers, data_list, tsvname)
-
-            category = "Apple Maps Last Activity Camera"
-            module_name = "get_appleMapsApplication"
-
-            data_headers = ['Latitude','Longitude']
-
-
-            table_name1, object_columns1, column_map1 = lava_process_artifact(
-                category, module_name, 'Apple Maps Last Activity Camera', data_headers, len(data_list))
-            lava_insert_sqlite_data(table_name1, data_list, object_columns1, data_headers, column_map1)
+    plist = get_plist_file_content(source_path)
+
+    types = {'1': {'type': 'double', 'name': 'Latitude'},
+            '2': {'type': 'double', 'name': 'Longitude'}, 
+            '3': {'type': 'double', 'name': ''}, 
+            '4': {'type': 'fixed64', 'name': ''}, 
+            '5': {'type': 'double', 'name': ''}
+            }    
+
+    protobuf = plist.get('__internal__LastActivityCamera', None)
+    if protobuf:
+        internal_plist, _ = blackboxprotobuf.decode_message(protobuf,types)
+        latitude = (internal_plist['Latitude'])
+        longitude = (internal_plist['Longitude'])
 
-        else:
-            logfunc(f"No Apple Maps Last Activity Camera data available")
+        data_list.append((latitude, longitude))
+
+    data_headers = ('Latitude','Longitude')
+    return data_headers, data_list, source_path    
diff --git a/scripts/artifacts/backupSettings.py b/scripts/artifacts/backupSettings.py
@@ -3,8 +3,8 @@
         "name": "Backup Settings",
         "description": "Extracts Backup settings",
         "author": "@AlexisBrignoni",
-        "version": "0.2",
-        "date": "2023-10-04",
+        "creation_date": "2023-10-04",
+        "last_update_date": "2024-12-20",
         "requirements": "none",
         "category": "Identifiers",
         "notes": "",

diff --git a/scripts/artifacts/blockedContacts.py b/scripts/artifacts/blockedContacts.py
@@ -3,8 +3,8 @@
         "name": "Blocked contacts",
         "description": "Extract blocked contacts",
         "author": "@JohannPLW",
-        "version": "0.1",
-        "date": "2023-12-08",
+        "creation_date": "2023-12-08",
+        "last_update_date": "2024-12-20",
         "requirements": "none",
         "category": "Contacts",
         "notes": "",